Data Protection and Privacy
Introduction
Legislation in various parts of the world – such as the General Data Protection Regulation (GDPR) of the European Union (EU) - specifies that personal data cannot be collected and processed without a person’s consent or other legitimate basis, and that organizations are responsible for protecting personal data that is entrusted to them. The concept of personal data typically covers details that can be used to identify a person, such as the person's name, email address or IP address.
Note:
In the different countries of the EU, the GDPR may be known under another, language-specific name. For example, it known as the Datenschutz-Grundverordnung (DSGVO) in Germany and as Règlement Général sur la Protection des Données (RGPD) in France.
Universal Messaging includes personal data such as user names, and client IP addresses / host names in the logs. Universal Messaging includes personal data in logs for purposes of auditing, monitoring activity with the server, and diagnosing and correcting problems.
Universal Messaging is a middleware platform on which customers build their own applications. Most of the data handled by Universal Messaging is arbitrary customer-defined data whose meaning is defined by the customer who developed the application. Some of that customer-defined data may qualify as personal data, so if you are developing applications on the Universal Messaging platform, you should be careful to ensure compliance with laws related to that data.
If Software AG support personnel request you to send diagnostic data such as operational logs for the purposes of diagnosing product issues, and if this diagnostic data contains personal data, you should be aware that Software AG has GDPR processes in place to ensure that data is held securely and deleted when no longer needed.
Summary of Log Files used by Universal Messaging
Universal Messaging uses the log files described in the following table. The log files can contain personal data associated with a current activity, such as a user ID and client IP address. The length of time that a Universal Messaging server stores log data depends on the log.
Log | |
standard server log file | The log file is named nirvana.log and resides in the server/<RealmServerName>/data directory. The data remains there for as long as the log file is retained. When using the default Universal Messaging logger, the log file policy is defined by the DefaultLogSize realm server property which defines the maximum size of the log file, and the RolledLogFileDepth realm server property, which defines the number of log files to keep if log rolling is activated. The personal data can be removed by either manually removing lines from the file, or deleting a log file altogether. |
audit log file | The audit log file is named NirvanaAudit.mem and resides in the server/<RealmServerName>/data/RealmSpecific directory. The data remains in the audit log file for as long as the file exists. There is no mechanism to partially remove data from this log file. The only way to remove the personal data is by deleting the NirvanaAudit.mem file. |
Ad-hoc creation of data collections
In addition to standard operational data that is collected by Universal Messaging, some data can be collected on an ad-hoc basis by the Universal Messaging administrator. Such ad-hoc data is typically written to a location on your file system.
Examples are:
Realm Information Collector
The files collected by the Realm Information Collector tool can include files that may contain personal data related to messages that are being handled by the server.
Exported Realm Configuration File
When you export a realm's configuration to an XML file for a later re-import, the XML file can contain personal data, such as user IDs and client IPs related to ACL permissions for accessing realm components.
Heap Dump
A heap dump (which Software AG may request you to generate for the purpose of diagnosing problems) may contain personal data related to messages that are being handled by the server, or the server's log files.
Protecting and erasing data from log files
As there are many situations in which user names, IP addresses or events containing personal data may be logged, including by customer-provided plug-ins and third-party libraries, it is not practical to enumerate all of the log messages that may contain such data, or the set of categories they may be logged under.
Log files are formatted for reading by human system administrators (not machines), so rectification of data contained within them does not make sense, and erasure of data for individual persons is not practical. The retention of complete information in log files also serves an important and legitimate purpose, in providing a security audit trail, and the ability to diagnose and fix accidental or unlawful events compromising the availability, integrity or confidentiality of the application and personal data it contains.
For these reasons, the recommended approach to protecting personal data in log files is to regularly rotate the logs (also termed log rolling) in cases where log rotation is activated, and archive the old log files to a secured location protected by encryption.